File:Optimal sector sampling for drive triage (IA optimalsectorsam1094534750).pdf
Original file (1,275 × 1,650 pixels, file size: 1.97 MB, MIME type: application/pdf, 64 pages)
Captions
Captions
Summary
[edit]Optimal sector sampling for drive triage
(   ) |
||
|---|---|---|
| Author |
Taguchi, James K. |
 |
| Title |
Optimal sector sampling for drive triage |
|
| Publisher |
Monterey, California: Naval Postgraduate School |
|
| Description |
With digital storage becoming cheaper, bigger, and more prevalent, finding evidence from the hard drives collected for a case is too difficult and time consuming. Simply reading an entire drive takes hours and it takes even longer to analyze the drive for deleted files and data fragments. Investigations frequently involve multiple drives, and this traditional method of reading entire drives for analysis simply cannot keep up in modern cases. Furthermore, investigators often search drives only for known files, which we call target data, that could help identify a drive holding evidence such as child pornography or malware. Triage is needed to sift through drives to quickly identify drives containing target data. One way is by randomly sampling drive data to find known files or to give a confidence that less than some small amount is present. We determine the optimal sampling strategy bypassing the file system to find even deleted files and fragments in minimum time with maximum confidence. With 15 minutes of sampling we can give a 90% confidence that less than 10MiB of target data is present on a 500GB hard disk drive. By using statistical sampling in combination with sector hashing, our software forms an efficient triage tool for digital forensics. Subjects: Sector Hashing; Forensic Triage; Digital Forensics; Random Sampling; Disc Drives; File Hashing; Target File Detection; File System; Digital Forensic Investigators |
|
| Language | English | |
| Publication date | June 2013 | |
| Current location |
IA Collections: navalpostgraduateschoollibrary; fedlink |
|
| Accession number |
optimalsectorsam1094534750 |
|
| Source | ||
| Permission (Reusing this file) |
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, may not be copyrighted. | |
Licensing
[edit]
|
This work is in the public domain in the United States because it is a work prepared by an officer or employee of the United States Government as part of that person’s official duties under the terms of Title 17, Chapter 1, Section 105 of the US Code.
Note: This only applies to original works of the Federal Government and not to the work of any individual U.S. state, territory, commonwealth, county, municipality, or any other subdivision. This template also does not apply to postage stamp designs published by the United States Postal Service since 1978. (See § 313.6(C)(1) of Compendium of U.S. Copyright Office Practices). It also does not apply to certain US coins; see The US Mint Terms of Use.
|
 |
| This file has been identified as being free of known restrictions under copyright law, including all related and neighboring rights. | ||
File history
Click on a date/time to view the file as it appeared at that time.
| Date/Time | Thumbnail | Dimensions | User | Comment | |
|---|---|---|---|---|---|
| current | 14:37, 23 July 2020 |  | 1,275 × 1,650, 64 pages (1.97 MB) | Fæ (talk | contribs) | FEDLINK - United States Federal Collection optimalsectorsam1094534750 (User talk:Fæ/IA books#Fork8) (batch 1993-2020 #24050) |
You cannot overwrite this file.
File usage on Commons
The following page uses this file: